[Xen-users] domU packet forwarding

[Jeff Eggen <jeggen@xxxxxxxxxxxxxxxxx>]

Hello all,

I'm in the process of installing my first Xen server. I have a dom0
installed (CentOS 5) with public & private IPs. I created a domU (RHEL
4).  I left the networking setup at defaults, so I believe it's using
bridging; I have a virbr0 device in dom0 with an private IP on a new
subnet, and domU has an IP on that private subnet.  From the domU, I can
ping dom0, other hosts on my original private network, and hosts on the
internet.  All good so far.

However, now I want to forward traffic from both the private network and
the internet on specific ports to my domU server.  I don't need the port
changed, just forwarded.  I'm having problems coming up with the
iptables rules to accomplish this.  After reading many different things
online I tried adding the following rules (eth0 is my private IP, virbr0
is on 192.168.122.1, domU is at 122.5):

-t nat -A PREROUTING -p tcp -i eth0 -d XXX.XXX.XXX.XXX --dport #### -j
DNAT --to 192.168.122.5:XXXX
-A FORWARD -p tcp -i eth0 -d 192.168.122.5 --dport #### -j ACCEPT

This accomplished nothing.  I then thought it might be blocking the
virbr0 device, so I added another rule:

-A INPUT -i virbr0 -j ACCEPT

At this point I was able forwarding packets to my domU server from my
private network, but the domU is no longer able to talk to anything past
dom0.  I'm thinking I'm close, and just missing something simple.  Would
anyone be able to suggest something to try / some test to perform to
help identify where I'm having problems?  For that matter, if someone
were able to recommend a nice & clear explanation of how to accomplish
port forwarding to a domU I'd appreciate it. :-)

Thanks in advance,
-- 
Jeff Eggen


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users